Internet Explorer cannot display the webpage" error.  I can access other web sites, such as Yahoo.com, Google.com, etc.

Okay. I got it to accept these commands. Still not working though.

Entered: static (inside,inside) tcp xxx.xx.249.197 192.168.1.50 http netmask 255.255.255.255

My web application is initiating a web request to itself to wake itself up after going to sleep. The request would come in on a virtual address of 192.168.1.101. I see the traffic on the log when this occurs, but don’t understand what is happening...

I captured the log at what I believe is the point of failure. The xxx.xxx.249.025 is the router address. The 66.129 address is the dns server.

192.168.1.50 physical address of the web server

192.168.1.101 virtual address of the server, which the site is tied to

xxx.xxx.249.197 Public ip address of the site

198.173.65.128 I don’t know what this address is

I am beginning to think this is not possible.

6 Feb 22 2011 01:40:43 305011 192.168.1.50 xxx.xxx.249.205 Built dynamic UDP translation from inside:192.168.1.50/53277 to outside:xxx.xxx.249.205/1025

6 Feb 22 2011 01:40:43 302015 66.129.64.152 192.168.1.50 Built outbound UDP connection 3802683 for outside:66.129.64.152/53 (66.129.64.152/53) to inside:192.168.1.50/53277 (xxx.xxx.249.205/1025)

6 Feb 22 2011 01:40:43 305011 192.168.1.50 xxx.xxx.249.205 Built dynamic TCP translation from inside:192.168.1.50/51205 to outside:xxx.xxx.249.205/1043

6 Feb 22 2011 01:40:43 302013 198.173.75.128 192.168.1.50 Built outbound TCP connection 3802684 for outside:198.173.75.128/110 (198.173.75.128/110) to inside:192.168.1.50/51205 (xxx.xxx.249.205/1043)

6 Feb 22 2011 01:40:43 305011 192.168.1.50 xxx.xxx.249.205 Built dynamic TCP translation from inside:192.168.1.50/51206 to outside:xxx.xxx.249.205/1044

6 Feb 22 2011 01:40:43 302013 198.173.75.128 192.168.1.50 Built outbound TCP connection 3802685 for outside:198.173.75.128/110 (198.173.75.128/110) to inside:192.168.1.50/51206 (xxx.xxx.249.205/1044)

6 Feb 22 2011 01:40:47 305011 192.168.1.50 xxx.xxx.249.205 Built dynamic TCP translation from inside:192.168.1.50/51207 to outside:xxx.xxx.249.205/1045

6 Feb 22 2011 01:40:47 302013 xxx.xxx.249.198 192.168.1.50 Built outbound TCP connection 3802686 for outside:xxx.xxx.249.198/80 (xxx.xxx.249.198/80) to inside:192.168.1.50/51207 (xxx.xxx.249.205/1045)

Hi Dave,

Since the traffic initiated from inside is coming on the VIP of the server , you can enable DNS doctoring for it  using :-

ASA(config)# no static (inside,outside) tcp xxx.xxx.249.197 www 192.168.1.101 www netmask 255.255.255.255

ASA(config)# static (inside,outside) tcp xxx.xxx.249.197 www 192.168.1.101 www netmask 255.255.255.255 dns

now clear all dns caches ( local machines and local dns servers if any for the web site). Now when the inside client would initiate a dns query for the web site, the ASA will modify the A record for the web site to the 192.168.1.101 from xxx.xxx.249.197.

Thanks

Manish

Hi Manish:

I entered these commands, but it did not resolve my issue. I do not see where these commands affect the GUI. I might need to undo them if they cause a problem.

I give up. The configuration of this device is just too complex. I am entering commands that make no sense to me. It is not possible for me to troubleshoot this environment.

Thank you for your assistance anyway.